Mining criminal networks from chat log

Cyber criminals exploit opportunities for anonymity and masquerade in web-based communication to conduct illegal activities such as phishing, spamming, cyber predation, cyber threatening, blackmail, and drug trafficking. One way to fight cyber crime is to collect digital evidence from online documents and to prosecute cyber criminals in the court of law. In this paper, we propose a unified framework using data mining and natural language processing techniques to analyze online messages for the purpose of crime investigation. Our framework takes the chat log from a confiscated computer as input, extracts the social networks from the log, summarizes chat conversations into topics, identifies the information relevant to crime investigation, and visualizes the knowledge for an investigator. To ensure that the implemented framework meets the needs of law enforcement officers in real-life investigation, we closely collaborate with the cyber crime unit of a law enforcement agency in Canada. Both the feedback from the law enforcement officers and experimental results suggest that the proposed chat log mining framework is effective for crime investigation. © 2012 IEEE

Quantitative Computational Framework For Analyzing Evidence To Identify Attack Intention And Strategy In Network Forensics

The increasing number of cyber crimes has motivated network forensics researchers to develop new techniques to analyze and investigate these crimes. Although cyber crimes produce a large volume of evidence, analyzing and measuring the extent of the damages caused by these crimes are difficult because of the overwhelming amount of evidence involved in each case. Thus, current cyber crime investigation techniques are costly and time consuming. In addition, these techniques normally use active and reactive processes to analyze cyber crimes, and such processes start after the cyber crime has been identified, which makes identifying useful evidence difficult. Moreover, the information required to understand and analyze cyber crime factors such as the intention and strategy of the crime are limited. This thesis proposes a new framework to analyze cyber crime evidence. The proposed framework aims to use cyber crime evidence to reconstruct attack intentions and estimate similar attack strategies. The intentions are identified through a new algorithm called Attack Intention Analysis, which predicts cyber crime intentions by combining Dempster-Shafer theory and a causal network. Similar attack strategies have been estimated by using one of the two proposed methods. The first method creates a new model that uses evidence when the intentions for a cyber crime are undetected. This model aims to measure similar evidence between new and pre-existing cyber crime cases to estimate similar strategies

Digital Evidence and Best Evidence Rule Legal-Technological Approach headed for Digital Evidence Admissibility Review

Computer forensic whizzes do their utmost to employ effective tools and methodologies to extract and analyze data from storage devices used at the digital crime scene to acquire and be able to present admissible evidence in court. This paper is an attempt and a trial to highlight the areas of discussions and critical review of the available guidelines used to achieve successful computer crime investigation that is compatible with best evidence rule. The enforcement of information laws is a step in the right direction towards a knowledge-based well established cyber security, however having laws alone isn’t enough for carrying out valid and effective confrontation against cyber criminals. Consequently this paper studies the common factors and elements in the computer crime case with focus on best evidence rule and suitable road map process of Digital Forensic Investigation Framework (DFIF) to maintain a close cooperation between parties through effective use of legal concepts and technology. The paper discusses the main challenges and basics needed to be handled, and observed closely to grasp a successful prosecution of a cybercriminal. Basically, the paper deliberates and reviews deferent investigation frameworks of cybercrime with emphasis on the most prominent frameworks, legal requirements, technological, and technical practices needed over and done with studying cybercrime categories, rules of evidence in court, employing historical critical literature review and the study of restrictions imposed over admissibility of digital evidence

Perancangan Nenggala Disk Duplicator (Ndd) untuk Mendukung Proses Investigasi Forensik Digital

The development of information technology simplify human life. Its evoke crime loopholes, cyber crime. When solving criminal cases that utilize information technology is required the digital forensic science. In carrying out a digital investigation known multiple frameworks around the worlds. Every devices, every organization has their own framework. The most common framework divided into 4 sections. Preservation, Acquisition, Analysis, and Reporting are the most common used around the worlds. Acquisition is a key part of the investigation process because in this process digital evidence is collected form the electronic evidence. The acquisition processes uses special equipment. Forensic acquisition equipment mostly made by forensic vendors in the world. The problems that arise in the academic realm is the price of the equipment is quite expensive. The existence of the above problem there is a gap to conduct research on the applied field of development of tools for forensic acquisition. This study provides an early overview of the design of a digital forensics acquisition tool called Nenggala Disk Duplicator

On the complexity of collaborative cyber crime investigations

This article considers the challenges faced by digital evidence specialists when collaborating with other specialists and agencies in other jurisdictions when investigating cyber crime. The opportunities, operational environment and modus operandi of a cyber criminal are considered, with a view to developing the skills and procedural support that investigators might usefully consider in order to respond more effectively to the investigation of cyber crimes across State boundaries

Cyber security investigation for Raspberry Pi devices

Big Data on Cloud application is growing rapidly. When the cloud is attacked, the investigation relies on digital forensics evidence. This paper proposed the data collection via Raspberry Pi devices, in a healthcare situation. The significance of this work is that could be expanded into a digital device array that takes big data security issues into account. There are many potential impacts in health area. The field of Digital Forensics Science has been tagged as a reactive science by some who believe research and study in the field often arise as a result of the need to respond to event which brought about the needs for investigation; this work was carried as a proactive research that will add knowledge to the field of Digital Forensic Science. The Raspberry Pi is a cost-effective, pocket sized computer that has gained global recognition since its development in 2008; with the wide spread usage of the device for different computing purposes. Raspberry Pi can potentially be a cyber security device, which can relate with forensics investigation in the near future. This work has used a systematic approach to study the structure and operation of the device and has established security issues that the widespread usage of the device can pose, such as health or smart city. Furthermore, its evidential information applied in security will be useful in the event that the device becomes a subject of digital forensic investigation in the foreseeable future. In healthcare system, PII (personal identifiable information) is a very important issue. When Raspberry Pi plays a processor role, its security is vital; consequently, digital forensics investigation on the Raspberry Pies becomes necessary

Software Engineering Challenges for Investigating Cyber-Physical Incidents

Cyber-Physical Systems (CPS) are characterized by the interplay between digital and physical spaces. This characteristic has extended the attack surface that could be exploited by an offender to cause harm. An increasing number of cyber-physical incidents may occur depending on the configuration of the physical and digital spaces and their interplay. Traditional investigation processes are not adequate to investigate these incidents, as they may overlook the extended attack surface resulting from such interplay, leading to relevant evidence being missed and testing flawed hypotheses explaining the incidents. The software engineering research community can contribute to addressing this problem, by deploying existing formalisms to model digital and physical spaces, and using analysis techniques to reason about their interplay and evolution. In this paper, supported by a motivating example, we describe some emerging software engineering challenges to support investigations of cyber-physical incidents. We review and critique existing research proposed to address these challenges, and sketch an initial solution based on a meta-model to represent cyber-physical incidents and a representation of the topology of digital and physical spaces that supports reasoning about their interplay

National plan to combat cybercrime

Australia is a highly connected country - technology and the internet are crucial to Australia\u27s way of life. However, while the potential of the internet and digital economy is clearly a massive opportunity for Australia, it is also quickly emerging as a key enabler for criminal activity. In Australia, the term \u27cybercrime\u27 is used to describe both: crimes directed at computers or other information communications technologies (ICTs) (such as hacking and denial of service attacks) and crimes where computers or ICTs are an integral part of an offence (such as online fraud, identity theft and the distribution of child exploitation material). Responsibility for combating the different forms of cybercrime in Australia is shared between Australian Government agencies state and territory agencies. All jurisdictions have criminal laws directed at the various forms of cybercrime. The Australian Attorney-General\u27s Department has led the development of a National Plan to Combat Cybercrime, in consultation with Australian Government agencies, state and territory agencies